CVE-2020-14340 — MEDIUM (5.9)

Q: How severe is CVE-2020-14340?

CVE-2020-14340 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14340?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Xnio, Redhat Jboss Brms, Redhat Jboss Data Grid, Redhat Jboss Data Virtualization, Redhat Jboss Enterprise Application Platform.

Vulnerability Description

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Xnio	>= 3.6.1, < 3.7.9
Redhat	Jboss Brms	5
Redhat	Jboss Data Grid	6.0.0
Redhat	Jboss Data Virtualization	6.0.0
Redhat	Jboss Enterprise Application Platform	5.0.0
Redhat	Jboss Fuse	6.0.0
Redhat	Jboss Operations Network	3.0
Redhat	Jboss Soa Platform	5
Oracle	Communications Cloud Native Core Console	1.9.0
Oracle	Communications Cloud Native Core Network Repository Function	1.14.0
Oracle	Communications Cloud Native Core Policy	1.14.0
Oracle	Communications Cloud Native Core Security Edge Protection Proxy	1.15.0
Oracle	Communications Cloud Native Core Service Communication Proxy	1.14.0
Oracle	Communications Cloud Native Core Unified Data Repository	1.14.0

Related Weaknesses (CWE)

CWE-400

References

https://bugzilla.redhat.com/show_bug.cgi?id=1860218Issue TrackingVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1860218Issue TrackingVendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2020-14340?

CVE-2020-14340 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial ...

How severe is CVE-2020-14340?

CVE-2020-14340 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14340?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Xnio, Redhat Jboss Brms, Redhat Jboss Data Grid, Redhat Jboss Data Virtualization, Redhat Jboss Enterprise Application Platform.